<?php
/*
|---------------------------------------------------------------
| PHP ERROR REPORTING LEVEL
|---------------------------------------------------------------
|
| By default CI runs with error reporting set to ALL.  For security
| reasons you are encouraged to change this when your site goes live.
| For more info visit:  http://www.php.net/error_reporting
|
*/
	error_reporting(E_ALL);

/*
|---------------------------------------------------------------
| SYSTEM FOLDER NAME
|---------------------------------------------------------------
|
| This variable must contain the name of your "system" folder.
| Include the path if the folder is not in the same  directory
| as this file.
|
| NO TRAILING SLASH!
|
*/
	$system_folder = "br1cab0x1ssu1t3";

/*
|---------------------------------------------------------------
| APPLICATION FOLDER NAME
|---------------------------------------------------------------
|
| If you want this front controller to use a different "application"
| folder then the default one you can set its name here. The folder 
| can also be renamed or relocated anywhere on your server.
| For more info please see the user guide:
| http://www.codeigniter.com/user_guide/general/managing_apps.html
|
|
| NO TRAILING SLASH!
|
*/
	$application_folder = "application";


/*
|===============================================================
| END OF USER CONFIGURABLE SETTINGS
|===============================================================
*/


/*
|---------------------------------------------------------------
| SET THE SERVER PATH
|---------------------------------------------------------------
|
| Let's attempt to determine the full-server path to the "system"
| folder in order to reduce the possibility of path problems.
| Note: We only attempt this if the user hasn't specified a 
| full server path.
|
*/
if (strpos($system_folder, '/') === FALSE)
{
	if (function_exists('realpath') AND @realpath(dirname(__FILE__)) !== FALSE)
	{
		$system_folder = realpath(dirname(__FILE__)).'/'.$system_folder;
	}
}
else
{
	// Swap directory separators to Unix style for consistency
	$system_folder = str_replace("\\", "/", $system_folder); 
}

/*
|---------------------------------------------------------------
| DEFINE APPLICATION CONSTANTS
|---------------------------------------------------------------
|
| EXT		- The file extension.  Typically ".php"
| FCPATH	- The full server path to THIS file
| SELF		- The name of THIS file (typically "index.php)
| BASEPATH	- The full server path to the "system" folder
| APPPATH	- The full server path to the "application" folder
|
*/
define('EXT', '.'.pathinfo(__FILE__, PATHINFO_EXTENSION));
define('FCPATH', __FILE__);
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
define('BASEPATH', $system_folder.'/');

if (is_dir($application_folder))
{
	define('APPPATH', $application_folder.'/');
}
else
{
	if ($application_folder == '')
	{
		$application_folder = 'application';
	}

	define('APPPATH', BASEPATH.$application_folder.'/');
	
	require_once APPPATH.'env.php';
	require_once APPPATH.'libraries/Utils.php';
}

/*
|---------------------------------------------------------------
| DEFINE E_STRICT
|---------------------------------------------------------------
|
| Some older versions of PHP don't support the E_STRICT constant
| so we need to explicitly define it otherwise the Exception class 
| will generate errors.
|
*/
if ( ! defined('E_STRICT'))
{
	define('E_STRICT', 2048);
}

//
// end blatant CI code ripoff. woop!
//
require_once APPPATH.'libraries/openid.php';

session_start();

// build urls
$token	= isset($_REQUEST['auth_token']) ? $_REQUEST['auth_token'] : '';
$urls	= build_openid_urls($token);

// handle the openid response
$consumer 	= create_consumer();
$msg		= "success";
$response 	= $consumer->complete($urls['redirect']);

if ($response->status == Auth_OpenID_CANCEL)
{
	$msg = "OpenID verification cancelled.";
	$_SESSION['flash']['error'] = $msg;
	header('Location: /sign_up_or_log_in');
	exit();
}
elseif ($response->status == Auth_OpenID_FAILURE)
{
	$msg = "OpenID verification failed: {$response->message}.";
	$_SESSION['flash']['error'] = $msg;
	header('Location: /sign_up_or_log_in');
	exit();
}
elseif ($response->status == Auth_OpenID_SUCCESS)
{
	// success! get the identity url and sreg data
	$open_id		= $response->getDisplayIdentifier();
	$esc_identity 	= htmlspecialchars($open_id, ENT_QUOTES);
	$sreg_resp 		= Auth_OpenID_SRegResponse::fromSuccessResponse($response);
	$sreg			= $sreg_resp->contents();
	
	$sreg_params_ary = array();
	if (count($sreg))
	{
		foreach ($sreg as $k => $v)
			$sreg_params_ary[] = "{$k}:{$v}";
			
		$sreg_params = '/sreg/'.url_safe_base64(join("|", $sreg_params_ary), 'encode');
	}
	else
		$sreg_params = '';
	
	// back to /account/auth_openid_finish
	// we should really POST this instead...
	$back_url = "/account/auth_openid_finish/token/{$token}{$sreg_params}/id_hash/".url_safe_base64($esc_identity, 'encode');
	header("Location: {$back_url}");
}
?>